Got the answer for 1st query http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_46_se/configuration/guide/swacl.html#wpxref25516
cisco-avpair= "ip:inacl#1=deny ip 10.10.10.10 0.0.255.255 20.20.20.20 255.255.0.0"
cisco-avpair= "ip:inacl#2=deny ip 10.10.10.10 0.0.255.255 any"
cisco-avpair= "mac:inacl#3=deny any any decnet-iv"

Please provide your inputs on query 2 and 3.

With regards
Kings

On Fri, Apr 9, 2010 at 10:29 PM, Kingsley Charles <[email protected]> wrote:
> Hi all
>
> I need clarification on 802.1x per User ACLs
>
> Please refer to the following section of the given link:
>
> Using IEEE 802.1x Authentication with Per-User ACLs
>
> http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_46_se/configuration/guide/sw8021x.html
>
> Query 1
>
> Please let me know the correct format that we should enter in the cisco av pair box.
>
> inacl#1=permit ip any any (mentioned in the above given link)
>
> or
>
> ip:inacl#1=permit ip any any (mentioned in IPexpert Vol 2 Lab 3 section 5.3)
>
> Query 2
>
> Is it required to configure a restrictive ACL as we do for NAC and then the downloaded ACLs are added on the top of the restrictive ACL?
>
> Query 3
>
> My understanding is that these are port ACLs not routed ACLs. Please confirm.
>
> With regards
> Kings
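A pre-deployment check for the per-user ACL attributes discussed in this thread, as an added example that is not part of the original messages or of any Cisco tooling: it parses `cisco-avpair` values, reports entries that lack the protocol prefix (the two forms compared in Query 1), and lists the entries by their `#N` number for review. It assumes the `<proto>:inacl#<n>=<ACE>` form shown in the reply's examples is the expected one and that a repeated `#N` is worth flagging; the function names and the sample list are hypothetical.

```python
import re

# Form used by the examples quoted in the reply: <proto>:inacl#<n>=<ACE>
AVPAIR_RE = re.compile(r'^(?:(?P<proto>[a-z]+):)?inacl#(?P<seq>\d+)=(?P<ace>.+)$')

def parse_avpair(value):
    """Split one cisco-avpair value into (proto, seq, ace, problems)."""
    value = value.strip().strip('"')
    m = AVPAIR_RE.match(value)
    if not m:
        return None, None, None, ["not an inacl attribute"]
    proto = m.group("proto")
    seq, ace = int(m.group("seq")), m.group("ace").strip()
    problems = []
    if proto is None:
        problems.append("missing protocol prefix (examples use ip: or mac:)")
    elif proto not in ("ip", "mac"):
        problems.append("unexpected protocol prefix %r" % proto)
    if (ace.split() or [""])[0] not in ("permit", "deny"):
        problems.append("ACE does not start with permit or deny")
    return proto, seq, ace, problems

def lint_profile(values):
    """Return (entries sorted by their #N number, list of findings)."""
    entries, findings, seen = [], [], set()
    for v in values:
        proto, seq, ace, problems = parse_avpair(v)
        findings += ["%s: %s" % (v, p) for p in problems]
        if seq is None:
            continue
        if seq in seen:  # assumption: a repeated #N is a profile mistake
            findings.append("%s: duplicate number %d" % (v, seq))
        seen.add(seq)
        entries.append((seq, proto, ace))
    return sorted(entries, key=lambda e: e[0]), findings

# Constructed sample profile: the three values from the reply plus the
# unprefixed form asked about in Query 1.
SAMPLE = [
    "ip:inacl#2=deny ip 10.10.10.10 0.0.255.255 any",
    "ip:inacl#1=deny ip 10.10.10.10 0.0.255.255 20.20.20.20 255.255.0.0",
    "mac:inacl#3=deny any any decnet-iv",
    "inacl#1=permit ip any any",
]

if __name__ == "__main__":
    ordered, warnings = lint_profile(SAMPLE)
    print(ordered, warnings, sep="\n")
```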
